Combined DES salt and Keytab cleanup patch

Andrew Bartlett abartlet at
Wed Jul 12 11:33:30 GMT 2006

On Wed, 2006-07-12 at 05:53 -0500, Gerald (Jerry) Carter wrote:
> Hash: SHA1
> Dave Daugherty wrote:
> > Gerald (Jerry) Carter Sent: Tuesday, July 11, 2006 7:04 PM
> > Andrew Bartlett wrote:
> >>> The problem is that when a different application 
> >>> uses our keytab, they need to find entries by any
> >>> name that the client may use.  This includes various
> >>> case combinations.
> >>>
> >>> Really, the keytab reading code should be case 
> >>> insensitive, but that changes the kerberos libs...
> > 
> >> Yup.  I've read all of the threads on this and I want
> >> a concrete examples that fail.  This is one I have to
> >> see to believe after having following so much of the
> >> krb5 code that added for this or some other reason
> >> and is currently not even executed.  Show me and I'll
> >> add things back in one at a time.
> ...
> > As I think I mentioned before (and you probably remember 
> > since you are a smart guy) our test case is the MIT
> > kerberized telnet client that only does DES.  When I
> > was banging around in this rabbit hole, and I did not
> > populate DES keys in keytab - kerberized MIT telnet 
> > did not work.  This is not the same as "case
> > sensitivity" but it's a real application for you to
> > test with.
> Yup.  I remember. And it was the first one I tested with.
> Works fine for me.  Right now I'm working with mod_auth_kerb
> for more tests. I also have OpenSSH working and will
> toy with OpenLDAP later today.

One thing to test with is different case names in the client,
particularly on windows.  Ie

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list